[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-rockwell-releases-firmware-2013-to-fix-critical-flex-io-adapter-bugs":10},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":22,"tags":34,"sources":38,"feedback":42,"feedback_at":22,"cost_usd":42,"total_tokens":42},1451,"rockwell-releases-firmware-2013-to-fix-critical-flex-io-adapter-bugs","Rockwell releases firmware 2.013 to fix critical FLEX I\u002FO adapter bugs","A new firmware patch addresses two high‑severity CVEs in Rockwell Automation's FLEX I\u002FO EtherNet\u002FIP adapters, and operators are urged to update immediately.","Rockwell Automation has issued firmware version 2.013 for its FLEX I\u002FO EtherNet\u002FIP adapters to close two serious vulnerabilities.\n\nThe advisory lists CVE‑2026‑0646, a memory‑handling flaw that can crash the 1794‑AENTR and 1794‑AENTRXT modules, and CVE‑2026‑0647, an unauthenticated password‑change bug in the embedded web server. Both affect version 2.012 of the adapters and carry CVSS scores of 7.5 and 9.4 respectively. Rockwell’s mitigation guidance is a straight‑forward firmware upgrade; no public exploits have been reported.\n\nFor manufacturers that rely on these adapters for real‑time I\u002FO, the bugs translate to potential production downtime and unauthorized control‑system access. The memory issue can force a manual reset, while the authentication flaw could let an attacker seize the device’s web interface. Updating now avoids a scramble later, especially for sites that expose control‑system traffic to broader networks.\n\nBottom line: Apply firmware 2.013 immediately to patch CVE‑2026‑0646 and CVE‑2026‑0647, or risk denial‑of‑service and credential takeover on critical industrial hardware.","[\"rockwell\",\"industrial-control-systems\",\"security\"]","2026-06-16T12:00:00.000Z","2026-06-17T12:18:54.873Z","2026-06-17T12:18:57.700Z","published",null,[24,30],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"Add a clear introductory paragraph before the bullet list and a concluding paragraph summarizing the news; ensure the body is narrative prose, not just bullets.","resolved",{"id":31,"reviewer":26,"round":32,"reason":33,"status":29},"editor-r2",2,"Add a brief concluding paragraph that restates the key facts—Rockwell’s firmware 2.013 patch, the CVEs, and the urgency for operators to apply it.",[35,36,37],"rockwell","industrial-control-systems","security",[39],{"name":40,"url":41},"CISA Advisories","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-167-05",0]